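# CustomResourceDefinition for the Config Connector kind DLPInspectTemplate
# (group dlp.cnrm.cloud.google.com, served and stored as v1beta1).
# The listing is restored to parseable YAML: the line-number gutter that was
# fused onto every line is dropped and the nesting is re-indented. Keys and
# description strings are kept as they appeared.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  name: dlpinspecttemplates.dlp.cnrm.cloud.google.com
spec:
  group: dlp.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: DLPInspectTemplate
    plural: dlpinspecttemplates
    shortNames:
    - gcpdlpinspecttemplate
    - gcpdlpinspecttemplates
    singular: dlpinspecttemplate
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            # Exactly one parent must be given: oneOf rejects a spec that sets
            # both organizationRef and projectRef, or neither.
            oneOf:
            - required:
              - organizationRef
            - required:
              - projectRef
            properties:
              description:
                description: Short description (max 256 chars).
                type: string
              displayName:
                description: Display name (max 256 chars).
                type: string
              inspectConfig:
                description: The core content of the template. Configuration of the
                  scanning process.
                properties:
                  contentOptions:
                    description: List of options defining data content to scan. If
                      empty, text, images, and other content will be included.
                    items:
                      type: string
                    type: array
                  customInfoTypes:
                    description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes
                      to learn more.
                    items:
                      properties:
                        dictionary:
                          description: A list of phrases to detect as a CustomInfoType.
                          properties:
                            cloudStoragePath:
                              description: Newline-delimited file of words in Cloud
                                Storage. Only a single file is accepted.
                              properties:
                                # The word list lives outside this resource.
                                # NOTE(review): whoever can overwrite the object
                                # at this path can change what the detector
                                # matches; confirm write access to the bucket is
                                # restricted.
                                path:
                                  description: 'A url representing a file or path
                                    (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt'
                                  type: string
                              type: object
                            wordList:
                              description: List of words or phrases to search for.
                              properties:
                                words:
                                  description: Words or phrases defining the dictionary.
                                    The dictionary must contain at least one phrase
                                    and every phrase must contain at least 2 characters
                                    that are letters or digits. [required]
                                  items:
                                    type: string
                                  type: array
                              type: object
                          type: object
                        exclusionType:
                          description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType
                            will not cause a finding to be returned. It still can
                            be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED,
                            EXCLUSION_TYPE_EXCLUDE'
                          type: string
                        infoType:
                          description: CustomInfoType can either be a new infoType,
                            or an extension of built-in infoType, when the name matches
                            one of existing infoTypes and that infoType is specified
                            in `InspectContent.info_types` field. Specifying the latter
                            adds findings to the one detected by the system. If built-in
                            info type is not specified in `InspectContent.info_types`
                            list then the name is treated as a custom info type.
                          properties:
                            # Inside a character class, `$-_` in the documented
                            # pattern is a range ('$' through '_'), so it admits
                            # more than letters, digits, '$', '-' and '_'. This
                            # schema declares only `type: string`, so neither
                            # reading is enforced at admission. The same text
                            # repeats on every infoType `name` field below.
                            name:
                              description: Name of the information type. Either a
                                name of your choosing when creating a CustomInfoType,
                                or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                                when specifying a built-in type. When sending Cloud
                                DLP results to Data Catalog, infoType names should
                                conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
                              type: string
                          type: object
                        likelihood:
                          description: 'Likelihood to return for this CustomInfoType.
                            This base value can be altered by a detection rule if
                            the finding meets the criteria specified by the rule.
                            Defaults to `VERY_LIKELY` if not specified. Possible values:
                            LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE,
                            LIKELY, VERY_LIKELY'
                          type: string
                        regex:
                          description: Regular expression based CustomInfoType.
                          properties:
                            # "No more than 3" is stated in prose only: there is
                            # no maxItems here, so this schema does not check
                            # the limit.
                            groupIndexes:
                              description: The index of the submatch to extract as
                                findings. When not specified, the entire match is
                                returned. No more than 3 may be included.
                              items:
                                format: int64
                                type: integer
                              type: array
                            # Free-form string; the schema carries no syntax
                            # check for the expression.
                            pattern:
                              description: Pattern defining the regular expression.
                                Its syntax (https://github.com/google/re2/wiki/Syntax)
                                can be found under the google/re2 repository on GitHub.
                              type: string
                          type: object
                        storedType:
                          description: Load an existing `StoredInfoType` resource
                            for use in `InspectDataSource`. Not currently supported
                            in `InspectContent`.
                          properties:
                            createTime:
                              description: Timestamp indicating when the version of
                                the `StoredInfoType` used for inspection was created.
                                Output-only field, populated by the system.
                              format: date-time
                              type: string
                            # Reference by Kubernetes object (name, optionally
                            # namespace) or by `external` resource name; the
                            # oneOf below rejects mixing the two forms.
                            nameRef:
                              oneOf:
                              - not:
                                  required:
                                  - external
                                required:
                                - name
                              - not:
                                  anyOf:
                                  - required:
                                    - name
                                  - required:
                                    - namespace
                                required:
                                - external
                              properties:
                                external:
                                  description: |-
                                    Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`.

                                    Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`).
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                  type: string
                                namespace:
                                  description: 'Namespace of the referent. More info:
                                    https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                  type: string
                              type: object
                          type: object
                        surrogateType:
                          description: Message for detecting output from deidentification
                            transformations that support reversing.
                          type: object
                          # No properties are declared for this object; with this
                          # flag the API server keeps whatever keys are supplied
                          # under it instead of pruning them.
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                    type: array
                  excludeInfoTypes:
                    description: When true, excludes type information of the findings.
                    type: boolean
                  # The quote is taken from the data that triggered the finding,
                  # so with this set the findings carry the matched value itself.
                  # Handle wherever findings are stored or logged with the same
                  # sensitivity as the scanned source.
                  includeQuote:
                    description: When true, a contextual quote from the data that
                      triggered a finding is included in the response; see Finding.quote.
                    type: boolean
                  infoTypes:
                    description: Restricts what info_types to look for. The values
                      must correspond to InfoType values returned by ListInfoTypes
                      or listed at https://cloud.google.com/dlp/docs/infotypes-reference.
                      When no InfoTypes or CustomInfoTypes are specified in a request,
                      the system may automatically choose what detectors to run. By
                      default this may be all types, but may change over time as detectors
                      are updated. If you need precise control and predictability
                      as to what detectors are run you should specify specific InfoTypes
                      listed in the reference, otherwise a default list will be used,
                      which may change over time.
                    items:
                      properties:
                        name:
                          description: Name of the information type. Either a name
                            of your choosing when creating a CustomInfoType, or one
                            of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                            when specifying a built-in type. When sending Cloud DLP
                            results to Data Catalog, infoType names should conform
                            to the pattern `[A-Za-z0-9$-_]{1,64}`.
                          type: string
                      type: object
                    type: array
                  # These caps bound how many findings are returned, so a result
                  # that reaches a cap does not show that nothing else matched.
                  limits:
                    description: Configuration to control the number of findings returned.
                    properties:
                      maxFindingsPerInfoType:
                        description: Configuration of findings limit given for specified
                          infoTypes.
                        items:
                          properties:
                            infoType:
                              description: Type of information the findings limit
                                applies to. Only one limit per info_type should be
                                provided. If InfoTypeLimit does not have an info_type,
                                the DLP API applies the limit against all info_types
                                that are found but not specified in another InfoTypeLimit.
                              properties:
                                name:
                                  description: Name of the information type. Either
                                    a name of your choosing when creating a CustomInfoType,
                                    or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                                    when specifying a built-in type. When sending
                                    Cloud DLP results to Data Catalog, infoType names
                                    should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
                                  type: string
                              type: object
                            maxFindings:
                              description: Max findings limit for the given infoType.
                              format: int64
                              type: integer
                          type: object
                        type: array
                      maxFindingsPerItem:
                        description: Max number of findings that will be returned
                          for each item scanned. When set within `InspectJobConfig`,
                          the maximum returned is 2000 regardless if this is set higher.
                          When set within `InspectContentRequest`, this field is ignored.
                        format: int64
                        type: integer
                      maxFindingsPerRequest:
                        description: Max number of findings that will be returned
                          per request/job. When set within `InspectContentRequest`,
                          the maximum returned is 2000 regardless if this is set higher.
                        format: int64
                        type: integer
                    type: object
                  # Findings below this threshold are not returned; raising it
                  # narrows what the template reports.
                  minLikelihood:
                    description: 'Only returns findings equal or above this threshold.
                      The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood
                      to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY,
                      UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY'
                    type: string
                  ruleSet:
                    description: Set of rules to apply to the findings for this InspectConfig.
                      Exclusion rules, contained in the set are executed in the end,
                      other rules are executed in the order they are specified for
                      each info type.
                    items:
                      properties:
                        infoTypes:
                          description: List of infoTypes this rule set is applied
                            to.
                          items:
                            properties:
                              name:
                                description: Name of the information type. Either
                                  a name of your choosing when creating a CustomInfoType,
                                  or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                                  when specifying a built-in type. When sending Cloud
                                  DLP results to Data Catalog, infoType names should
                                  conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
                                type: string
                            type: object
                          type: array
                        rules:
                          description: Set of rules to be applied to infoTypes. The
                            rules are applied in order.
                          items:
                            properties:
                              # An exclusion rule drops findings that match its
                              # dictionary, regex or excludeInfoTypes. Each one
                              # is a detection suppression: review changes here
                              # as carefully as changes to the detectors.
                              exclusionRule:
                                description: Exclusion rule.
                                properties:
                                  dictionary:
                                    description: Dictionary which defines the rule.
                                    properties:
                                      cloudStoragePath:
                                        description: Newline-delimited file of words
                                          in Cloud Storage. Only a single file is
                                          accepted.
                                        properties:
                                          # NOTE(review): here the external file
                                          # decides what is suppressed; confirm
                                          # write access to it is restricted.
                                          path:
                                            description: 'A url representing a file
                                              or path (no wildcards) in Cloud Storage.
                                              Example: gs://[BUCKET_NAME]/dictionary.txt'
                                            type: string
                                        type: object
                                      wordList:
                                        description: List of words or phrases to search
                                          for.
                                        properties:
                                          words:
                                            description: Words or phrases defining
                                              the dictionary. The dictionary must
                                              contain at least one phrase and every
                                              phrase must contain at least 2 characters
                                              that are letters or digits. [required]
                                            items:
                                              type: string
                                            type: array
                                        type: object
                                    type: object
                                  excludeInfoTypes:
                                    description: Set of infoTypes for which findings
                                      would affect this rule.
                                    properties:
                                      infoTypes:
                                        description: InfoType list in ExclusionRule
                                          rule drops a finding when it overlaps or
                                          contained within with a finding of an infoType
                                          from this list. For example, for `InspectionRuleSet.info_types`
                                          containing "PHONE_NUMBER"` and `exclusion_rule`
                                          containing `exclude_info_types.info_types`
                                          with "EMAIL_ADDRESS" the phone number findings
                                          are dropped if they overlap with EMAIL_ADDRESS
                                          finding. That leads to "555-222-2222@example.org"
                                          to generate only a single finding, namely
                                          email address.
                                        items:
                                          properties:
                                            name:
                                              description: Name of the information
                                                type. Either a name of your choosing
                                                when creating a CustomInfoType, or
                                                one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                                                when specifying a built-in type. When
                                                sending Cloud DLP results to Data
                                                Catalog, infoType names should conform
                                                to the pattern `[A-Za-z0-9$-_]{1,64}`.
                                              type: string
                                          type: object
                                        type: array
                                    type: object
                                  matchingType:
                                    description: 'How the rule is applied, see MatchingType
                                      documentation for details. Possible values:
                                      MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH,
                                      MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH'
                                    type: string
                                  regex:
                                    description: Regular expression which defines
                                      the rule.
                                    properties:
                                      groupIndexes:
                                        description: The index of the submatch to
                                          extract as findings. When not specified,
                                          the entire match is returned. No more than
                                          3 may be included.
                                        items:
                                          format: int64
                                          type: integer
                                        type: array
                                      pattern:
                                        description: Pattern defining the regular
                                          expression. Its syntax (https://github.com/google/re2/wiki/Syntax)
                                          can be found under the google/re2 repository
                                          on GitHub.
                                        type: string
                                    type: object
                                type: object
                              hotwordRule:
                                properties:
                                  hotwordRegex:
                                    description: Regular expression pattern defining
                                      what qualifies as a hotword.
                                    properties:
                                      groupIndexes:
                                        description: The index of the submatch to
                                          extract as findings. When not specified,
                                          the entire match is returned. No more than
                                          3 may be included.
                                        items:
                                          format: int64
                                          type: integer
                                        type: array
                                      pattern:
                                        description: Pattern defining the regular
                                          expression. Its syntax (https://github.com/google/re2/wiki/Syntax)
                                          can be found under the google/re2 repository
                                          on GitHub.
                                        type: string
                                    type: object
                                  likelihoodAdjustment:
                                    description: Likelihood adjustment to apply to
                                      all matching findings.
                                    properties:
                                      fixedLikelihood:
                                        description: 'Set the likelihood of a finding
                                          to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED,
                                          VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY,
                                          VERY_LIKELY'
                                        type: string
                                      relativeLikelihood:
                                        description: Increase or decrease the likelihood
                                          by the specified number of levels. For example,
                                          if a finding would be `POSSIBLE` without
                                          the detection rule and `relative_likelihood`
                                          is 1, then it is upgraded to `LIKELY`, while
                                          a value of -1 would downgrade it to `UNLIKELY`.
                                          Likelihood may never drop below `VERY_UNLIKELY`
                                          or exceed `VERY_LIKELY`, so applying an
                                          adjustment of 1 followed by an adjustment
                                          of -1 when base likelihood is `VERY_LIKELY`
                                          will result in a final likelihood of `LIKELY`.
                                        format: int64
                                        type: integer
                                    type: object
                                  # NOTE(review): the sample regexes quoted in
                                  # this description look as if their backslashes
                                  # were lost (`d{3}` where `\d{3}` would be
                                  # expected). Do not copy them as written;
                                  # check against the DLP reference.
                                  proximity:
                                    description: Proximity of the finding within which
                                      the entire hotword must reside. The total length
                                      of the window cannot exceed 1000 characters.
                                      Note that the finding itself will be included
                                      in the window, so that hotwords may be used
                                      to match substrings of the finding itself. For
                                      example, the certainty of a phone number regex
                                      "(d{3}) d{3}-d{4}" could be adjusted upwards
                                      if the area code is known to be the local area
                                      code of a company office using the hotword regex
                                      "(xxx)", where "xxx" is the area code in question.
                                    properties:
                                      windowAfter:
                                        description: Number of characters after the
                                          finding to consider.
                                        format: int64
                                        type: integer
                                      windowBefore:
                                        description: Number of characters before the
                                          finding to consider.
                                        format: int64
                                        type: integer
                                    type: object
                                type: object
                            type: object
                          type: array
                      type: object
                    type: array
                type: object
              location:
                description: Immutable. The location of the resource
                type: string
              organizationRef:
                description: Immutable. The Organization that this resource belongs
                  to. Only one of [organizationRef, projectRef] may be specified.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The Google Cloud resource name of
                      a Google Cloud Organization (format: `organizations/{{name}}`).'
                    type: string
                  name:
                    description: |-
                      [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.
                      Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              projectRef:
                description: Immutable. The Project that this resource belongs to.
                  Only one of [organizationRef, projectRef] may be specified.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The Google Cloud resource name of
                      a `Project` resource (format: `projects/{{name}}`).'
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              resourceID:
                description: Immutable. Optional. The service-generated name of the
                  resource. Used for acquisition only. Leave unset to create a new
                  resource.
                type: string
            type: object
          # Observed state. The descriptions mark createTime, locationId and
          # updateTime as output only; observedGeneration is described as set
          # from what the Config Connector controller last observed.
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: Output only. The creation timestamp of an inspectTemplate.
                format: date-time
                type: string
              locationId:
                description: Output only. The geographic location where this resource
                  is stored.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              updateTime:
                description: Output only. The last update timestamp of an inspectTemplate.
                format: date-time
                type: string
            type: object
        type: object
    served: true
    storage: true
    # The status subresource is enabled, so `.status` is written through its
    # own endpoint rather than by ordinary updates to the object.
    subresources:
      status: {}
# Empty CRD status block as emitted with the manifest.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []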